METHOD AND PROGRAM PRODUCT FOR MAINTAINING
SECURITY OF PUBLICLY DISTRIBUTED INFORMATION 



DESCRIPTION 
BACKGROUND OF THE INVENTION 

Field of the Invention

The present invention generally relates to data file security and more particularly, 
the present invention relates to maintaining data security amongst shared data files such 
that files are shared only with remotely connected group members intended to be 
authorized to access the files. 

Background Description

Generally what is known as the Internet or World Wide Web (WWW) is a large 
scale network of globally connected computers. The Internet places an almost limitless 
amount of information at the fingertips of each connected computer user. The 
information is located at various globally connected computers, each at what is typically
referred to as a "Web Site." Each web site may include multiple accessible web pages
linked to each other. Each web page is a data file encoded in HyperText Markup 
Language (HTML) or a similar browser friendly code. A web page may include one or 
more Hypertext links or Hyperlinks, each to a Uniform Resource Locator (URL) that 
points to a file at an Internet location. The file may be any type of file including but not
limited to another HTML document or web page, a word processing document,
compressed or uncompressed data or simple text. To take advantage of available 
information, what are known as web search engines have been developed and used in
what is commonly referred to as "crawling" to find and index web pages, and respond to 
user queries based on the indexed web pages. 

Collaborative efforts or projects, wherein multiple parties participate toward a 
common goal, often require participants to share information, work results, files, etc.
These parties may be located at remote locations and sharing their work through a central 
server. The stored material may be made available to participants as users of a group by 
providing group access to the material, such as by placing links to the material on a 
particular website or the workgroup's homepage. This work may be very sensitive, 
requiring security measures, e.g., password protection, to guard from having it fall into
the hands of a competitor. By limiting password distribution to those having a need to 
know within the workgroup, direct access to files may be restricted to the members of the 
workgroup. 

However, web pages may be accessible, randomly, through a search engine or,
deliberately, to anybody with knowledge of the particular URL. Further, a web site with
links to other sites makes those other sites available to any visitors to the original site.
Thus, sensitive material stored with a link on a private web site may be accessible
through an indiscreetly placed copy of that link on a public web site. Often, web page
owners post links to some material that is intended for the general public, as well as
private material that may not be intended for the general public, but for a restricted
audience, e.g., a workgroup.

For example, a scholar may wish to post published scientific writings for access
by any web viewer, while making yet unpublished articles available only to a select few
editors or reviewers. The same scholar may wish to effect a limited distribution of some
political writings to those belonging to a certain political group and distribute personal
material, e.g., family pictures and links, to a circle of relatives and friends. One approach
to directing access is to collect related links onto different secure web sites, one web site
for each work group. Small businesses and organizations that cannot afford to maintain
what is typically referred to as an intranet may wish to maintain web pages intended only
for their members or employees. See, for example, www.intranets.com.

However, usually it is impractical to set up registration and passwords for 
members of such groups. Also, there is still a security concern with entities like 
www.intranets.com, concerning the storage location of the sensitive information, i.e., 
whether it is stored on a private server rather than on some service provider's machine
with additional storage charges. 

Hackers are a well known problem, continuously assaulting web pages, servers
and other internet connected computers, looking for a way to invade a target site. Once a
hacker gains access to a site, the site may be unprotected, especially if the hacker can
determine which files are available at the site, e.g., by accessing the directory listing.
Typically, Hyper Text Transfer Protocol (HTTP) allows web servers to block directory
listings. However, while blocking directory listings may offer some protection to the
contents of the files stored in that directory, it also makes it more difficult for someone with
legitimate access to the site to determine what is stored there.

Accordingly, there is a need for secure methods of selectively making information
available to those remotely connected group members that are authorized to have access 
to the information without inadvertently allowing unauthorized access. 



ARC9-2000-0077-US1 






SUMMARY OF THE INVENTION 



It is therefore a purpose of the present invention to make secure information
available to group members;

It is another purpose of the invention to provide group members with access to
secure information without exposing the secure information to access by unauthorized
parties;

It is yet another purpose of the invention to restrict awareness of the availability of
sensitive information such that parties not intended to have access to the existence of the
sensitive information are unaware of its availability.

The present invention is a method and computer program product for selectively
making information available to groups of parties amongst a plurality of parties. Public
keys are generated and published. Secure keys, which are random both in nature and in
appearance, are generated, combined with public keys and distributed to members of
groups selected to have access to secure data identified by a particular secure key, i.e., a
public key and secure key combination. The secure keys may be combined with the
public keys to form a URL that appears to be simultaneously random and descriptive.
Secure names or URLs may be changed periodically, replacing the secure key portion
with a newly generated decryption key. In one embodiment, the secure key is an
encryption key generated from a randomly generated decryption key. The encryption key
is used to encrypt a web page, web page contents or URLs. The present invention may
assist web page authors and designers in setting up secure file names and creating secure
HTML files or secure hyperlinks and managing access permissions to material secured
therein.
BRIEF DESCRIPTION OF THE DRAWINGS



The foregoing and other objects, aspects and advantages will be better understood 
from the following detailed preferred embodiment description with reference to the 
drawings, in which: 

Figure 1 shows a flow diagram of an example of the method of the present
invention of selectively providing access to secure semi-private files;

Figure 2 is an example of a flow diagram showing how pages are created for a
particular group according to the preferred embodiment;

Figure 3 is a flow diagram 120 of an example of how group page names may be
changed for additional security;

Figures 4A-B show how secure filenames are generated according to the preferred
embodiment of the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION



Referring now to the drawings, and more particularly, Figure 1 shows a flow
diagram example 100 of the method of the present invention of selectively providing
access to secure semi-private files. As referred to herein, a web-based file includes any
file wherein one or more Internet or world wide web (www) related coded pages includes
at least one link directed to the file. Files referred to herein as semi-private files are files
intended for use only by a selected group of individuals or users. Secure semi-private
files are semi-private files that are protected by some security mechanism such as
password protection.
In one preferred embodiment of the present invention, the password is embedded
in and part of the file's Uniform Resource Locator (URL). In a second preferred
embodiment, referred to herein as Public Key Cryptography, links to secure semi-private
files are accessible by group members (through a password), but are not accessible by
non-group members. Thus, a party having access to a linked web page, but not having
knowledge of the password, may be unaware of undisplayed links to the secure
semi-private files.

So, first in step 102, a group administrator generates a public key. Then, in step
104, the group administrator publishes the public key. A public key may be posted on a
web page enabling anyone to post encrypted text on the web page that only group
members may decrypt. Also, the group administrator generates and distributes a
decryption key only to members of a selected group. In the first preferred embodiment,
the decryption key is combined with the public key to form a secure file name for a
particular semi-private file. Each semi-private file is accessible only to those in
possession of the decryption key.

Next, in step 106, secure file names are embedded as secure links in existing web
pages or, new web pages may be built that include secure links to the semi-private files.
The web page designer or builder may include secure links for multiple groups, as well as
typical (unsecured) links. Links intended for access by specific groups are formed from
the previously published public key in combination with decryption keys for each
particular authorized group. Thus, specific items directed to specific groups may coexist
on the same web page but, without any of the groups having knowledge or even being
aware that other items targeted to other groups are included on the same web page. So,
for each group accessing the same web page, in step 108, members of a particular group
decrypt links or contents to items linked in that page depending upon that particular group
having been previously granted permission, i.e., by virtue of having received private keys
from the group administrator.

Figure 2 is an example of a flow diagram 110 showing how pages are created for a
particular group according to the preferred embodiment. First in step 112, the web site
designer or builder places various blocks that may be shown to different groups in a
special directory of building blocks. This special block directory may have a simple or
trivial name since awareness of it may be restricted to those intended to have use of it.
By contrast, secure files maintained and accessible from this block directory should have
names that are simultaneously both partially informative and partially difficult to
guess. So, in step 114, random suffixes are generated (to generate difficult to guess
portions) and, one or more random suffixes are attached to each informative name portion to
form building block file names. Each newly generated file name with the attached
random suffix is entered in a directory of the building blocks.

For example, a first user, user1, may place a file, index.html, in block directory,
/users/user1/bldblks. Other secure files in that directory might include:
poem6A5ZQRT.doc, homeaddress9GDK321.txt, map42TYU13.gif, each having an
easily understood portion and a randomly generated suffix portion providing security to
the secure file. The informative part of each secure filename facilitates site maintenance,
making it simpler to understand the nature of the file's contents. By contrast, the
randomly generated suffix portion has a random appearance, making it unlikely that
unauthorized parties could discover the actual file name, much less guess it or stumble
onto it.

Once the building blocks are in place, the web page builder designs web pages
that are seen only by selected groups in step 116. The web pages are created using
frames, for example; the completed web pages contain appropriate building blocks and/or
hyperlinks to the building blocks for each interest group. Also, at this point, a random
name is created for each web page.



For example, one group (group1) may be given access to a poem
(poem6A5ZQRT.doc) and a home address (homeaddress9GDK321.txt), a second group
(group2) may be given access to the poem and a map (map42TYU13.gif), while a third
group (group3) is given access to the home address and the map. According to the
preferred embodiment of the present invention, this is effected by creating an individual
page for each of the groups, group1CCWQUYT.html, group2GFDT43SD.html and
group3HGOIP76R.html. Each individual page contains group specific hyperlinks to the
appropriate materials or, includes group specific material embedded as frames on the
particular web page. Thus, for this example, the HTML file for the first group would
contain the lines for the poem and for the home address:

<A HREF="http://www.sonesite.com/users/user1/bldblks/poem6A5ZQRT.doc">The poem</A>

<A HREF="http://www.sonesite.com/users/user1/bldblks/homeaddress9GDK321.txt">Home Address</A>...,

with appropriate link implementation and files in the corresponding pages for the other
two groups.

Continuing in step 118, members of the group are informed about the URL of that
particular page. Preferably, this is done using e-mail although it could be done verbally or,
by using any other appropriate information distribution technique. Notifying group
members is necessary because the URL is partially secure, by virtue of the random portion
included in the URL that will be known only to those people so informed. Thus, the
owner of the block directory, e.g., user1, can e-mail the URL

http://www.sonesite.com/users/user1/group1CCWQUYT.html

to the members of group1, optionally using any well known encryption technique for
added security. The URL is not
made available for general distribution and, so, remains private and secure provided none
of the group members discloses it, e.g., by placing a link to it on a public page or by
distributing it to other non-group members. So, the web page will be viewed as any other
web page, but only by those intended by the author to see it. Each group member may
easily place a link in a bookmark or favorites file for repeated subsequent easy access.

Figure 3 is a flow diagram 120 of an example of how group page names may be
changed for additional security. Group page names may change, for example, to frustrate
hackers or, if group members change, or for any reason a password would be changed.
First, in step 122, the pseudo-random number suffix of the old secure web page URL is
deleted. Thus, some or all of the random suffixes may be changed manually by the web
page builder or, automatically, by the web site system of the preferred embodiment. Then,
in step 124, after generating a new random suffix, i.e., after generating a new random
number, the new suffix is attached to the group name to form the group page name. After
each random suffix change, the affected group members are notified, either automatically
by the system or by the web page builder. Notification may be, merely, a reminder that the
encryption key has been changed and that group members should run a previously supplied
executable that changes corresponding URLs in the group members' bookmarks files.
Alternatively, that new random suffix or an updated bookmark imprinted with that random
suffix may be encrypted and directly e-mailed or otherwise transmitted to group members,
making group members aware of the new URLs for those pages intended for group access.

Figures 4A-B show how secure filenames are generated according to the preferred
embodiment of the present invention. Figure 4A is a flow diagram 130 of how secure
names are generated according to the preferred embodiment of the present invention.
Figure 4B is a cross-reference table for mapping numbers from 0 - 61 to corresponding
alphanumeric characters, wherein the random suffixes are generated using, for example, a
pseudo-random number generator to generate an n-digit numerical key, wherein n is any
positive integer and each digit is between 0 and 61. Thus, in step 132, after a particular
group has been identified to be requesting secure web page access, the group administrator
receives the name of a particular file (fname). Then, in step 134, a k-digit random suffix is
generated using a pseudo-random number generator, for example. The random suffix may
be any length, but should be long enough to be non-trivial and may be difficult to
memorize and so, may be stored locally on a particular group member's computer.
Preferably the random suffix length is randomly generated and is 5 - 8 characters long.
Having decided encryption key length, in step 136, k individual random numbers between
0 and 61 are generated, each generated random number corresponding to an entry in the
cross-reference table of Figure 4B. So, in step 138, using the cross-reference table of
Figure 4B, each of the k random numbers is mapped into an alphanumeric character.
Finally, in step 140, the k alphanumeric character random suffix is concatenated onto the
end of the file name (fname) received in step 132.

It should be noted that the present invention may be adapted to Usenet newsgroups
to provide private newsgroups. In this optional embodiment, a group member user can
initiate discussion groups for different subjects in a way that only invited participants and
group members have access to the discussion. The correspondence stream is maintained
and archived on a single machine (the initiator's machine) and, only invited participants
know the newsgroup directory location, e.g., its URL.

The second preferred embodiment, Public Key Cryptography, provides additional
security over and above that of the first preferred embodiment. This second preferred
embodiment may be implemented in addition to or, optionally, independently of the above
first preferred embodiment. In this second embodiment, a web page builder creates web
pages with publicly known names and the web pages include both un-encrypted links as
well as encrypted links. Preferably, encryption is done using a public key-private key
scheme as described in U.S. Pat. No. 4,405,829 entitled "Cryptographic Communications
System and Method" to Rivest et al.

For example, a web page builder publishes a public key and distributes a private
key in a secure way to each person intended to have access to particular encrypted links.
A web page named http://www.somesite.com/someuser/index.html may include
un-encrypted links as well as links that are encrypted using encryption keys. In the second
preferred embodiment, the name of the link itself may be encrypted using the public key.
Thus, links intended for a particular family may have the standard form, e.g.,

http://www.somesite.com/someuser/family.html

or, when also including the added protection of the first preferred embodiment, having the
form

http://www.somesite.com/someuser/family83Edrf5.html.

Typically, for the first URL above, a plain HTML link may have the form

<A HREF="http://www.somesite.com/someuser/family.html">FAMILY STUFF</A>,

published on publicly known page http://www.somesite.com/someuser/index.html.
However, after encryption according to the second preferred embodiment, the link in this
example (or a link corresponding to the second more secure link) may become

A2#3F&*(hc342FXCVBh.

For the second preferred embodiment, Extensible Markup Language (XML) is
enhanced to include secure links, adding, for example, a new XML tag, e.g., an SA tag.
Thus, in this example, the web site builder includes an encrypted HTML link on the
publicly known web page using the SA tag, e.g.,

<SA HREF="A2#3F&*(hc342FXCVBh">FAMILY STUFF</SA>;

which, when decrypted, points to

http://www.somesite.com/someuser/family.html (or family83Edrf5.html).

As can be seen from this example, an intruder/hacker or an otherwise unauthorized
visitor will not be able to select the link displayed in the SA tag. However, an authorized
party, in this example a family member, who has access to the correct private key will be
able to decrypt the link. This link may then be used for downloading the desired page to
the authorized browser. As discussed hereinabove, an intruder/hacker will find it much
more difficult to guess the latter type of link names without possessing the appropriate
key. This second preferred embodiment provides an improved two-level security
mechanism.



The typical state of the art web browser may be modified to include mechanisms to
automatically retrieve an appropriate decryption key from the user's machine in response
to encountering a link embedded within such an SA tagged field. So, when the browser
detects an XML secure link tag in a page, the browser directs the user's system to the
appropriate local directory to look for the decryption key, which, if found there, is used to
decrypt the encrypted link name and request the decrypted URL. While, at first glance,
this automatic response may appear to be a password request, it is actually quite different.
Unlike password protection, the private key is never transmitted over the internet
to the server. Rather, verification is at the client side only, i.e., at the location of the group
member requesting access to the protected file or web page.



Optionally, whenever a group member requests an encrypted link that is enclosed
within SA tags, the server may send an encrypted copy of the file to the group member's
browser, where the same public encryption key that was used for encrypting the link is
used once again. The browser, then, automatically decrypts the encrypted page using the
locally stored public decryption key without any further intervention. This optional
mechanism ensures that accidental discovery or malicious discovery (e.g., by monitoring
network traffic) of hidden links is not a security breach, opening access to the secure link
without the appropriate decryption key.

While the invention has been described in terms of preferred embodiments, those 
skilled in the art will recognize that the invention can be practiced with modification 
within the spirit and scope of the appended claims. 
CLAIMS



What is claimed is: 



1. A method of selectively making information available to groups of parties amongst
a plurality of parties, said method comprising the steps of:
    a) generating a public key;
    b) publishing said public key;
    c) generating a secure key;
    d) combining said secure key with said public key; and,
    e) distributing a key corresponding to said secure key to members of a
    selected group.

2. A method as in claim 1, wherein the public key is a recognizable name portion and
the step (a) of generating a public key comprises generating a plurality of public keys.

3. A method as in claim 2, wherein in step (d) said secure key is combined with each
of said plurality of public keys.

4. A method as in claim 3, wherein in step (d) said secure key is combined with ones
of said plurality of public keys.

5. A method as in claim 2, wherein the step (c) of generating a secure key comprises
generating a plurality of random suffixes, ones of said random suffixes being combined
with ones of said plurality of public keys.

6. A method as in claim 5, wherein in the combining step (d), said random suffixes
are concatenated with ones of said plurality of public keys.

7. A method as in claim 5, wherein in the distribution step (e), each of said random
suffixes is sent as its corresponding key to members of one or more selected groups, at
least one selected group not receiving one or more distributed keys.



8. A method as in claim 7, wherein group members use received said random suffixes
to access secure information.

9. A method as in claim 8, wherein the secure information is contained on a web
page, each web page containing secure information being identified by one of said random
suffixes.

10. A method as in claim 5, wherein the secure suffixes are encrypted keys and the
corresponding keys are decryption keys.

11. A method as in claim 10, wherein the combining step (d) comprises the steps of:
    i) creating a plurality of building blocks;
    ii) encrypting each of said plurality of building blocks with selected encryption
    keys; and
    iii) creating one or more secure web pages, each secure web page including one
    or more encrypted building blocks and having a secure web page name.

12. A method as in claim 11, wherein the step (e) of distributing the decryption keys to
group members further comprises sending e-mail to members of the selected group,
informing said members of said secure web page name.
13. A method as in claim 11 wherein the encrypting step (ii) comprises concatenating
said building blocks with encryption keys.

14. A method as in claim 1, wherein the secure keys are encrypted keys and the
corresponding keys are decryption keys.

15. A method as in claim 14, wherein said encryption keys are combined with one or
more links, said links combined with encrypted keys being published as encrypted links.

16. A method as in claim 15, wherein a client browser automatically prompts a user for
a decryption key whenever an encrypted link is encountered, said browser decrypting the
encrypted link using the decryption key and, responsive to the decrypted encryption key
requesting a corresponding web page.

17. A method as in claim 16, wherein the file corresponding to an encrypted link is
encrypted.

18. A method as in claim 17, wherein said client browser automatically decrypts the
corresponding encrypted file using a locally stored private decryption key.

19. A method as in claim 5, said method further comprising the step of:
    f) changing secure page names for a selected group.
20. A method as in claim 19, wherein the step (f) of changing secure page names
comprises the steps of:
    i) removing a secure key from said page name;
    ii) attaching a new secure suffix; and
    iii) sending e-mail to members of said selected group, informing said members
    of said name change.

21. A method as in claim 2, wherein the step (c) of generating the secure suffix
comprises the steps of:
    i) generating a plurality of random numbers; and
    ii) mapping each of said plurality of random numbers to a corresponding
    alphanumeric number.

22. A method as in claim 21, wherein each of said random numbers is a number
between 0 and 61.

23. A method as in claim 22, wherein the mapped plurality of random numbers
generated is a decryption key, the method further comprising:
    iii) deriving an encryption key from said generated decryption key.



24. A computer program product for selectively making information available to
groups of parties amongst a plurality of parties, said computer program product
comprising a computer usable medium having computer readable program code thereon,
said computer readable program code comprising:
    computer readable program code means for generating public keys;
    computer readable program code means for publishing public keys;
    computer readable program code means for generating secure keys;
    computer readable program code means for combining said secure keys with said
    public keys; and,
    computer readable program code means for selectively distributing a key
    corresponding to each random key to members of selected groups.

25. A computer program product as in claim 24, wherein the combining means
combines said secure keys with said public keys to form secure links in a web page.

26. A computer program product as in claim 24, wherein the secure keys are random
suffixes and the combining means concatenates said random suffixes with ones of said
plurality of public keys.

27. A computer program product as in claim 24, wherein each said secure key is
distributed as its corresponding key and the key distribution means comprises:
    computer readable program code means for sending each of said secure keys to
    members of selected ones of said groups, members of at least one said group not being
    sent at least one distributed key.

28. A computer program product as in claim 24, further comprising:
    computer readable program code means for providing access to secure information
    responsive to keys provided by group members.

29. A computer program product as in claim 28, wherein the computer readable
program code means for providing access to secure information further comprises:
    computer readable program code means for displaying secure information on a
    secure web page, each web page containing secure information identified by one of said
    secure suffixes.
30. A computer program product as in claim 28, wherein the computer readable
program code means for combining the secure suffixes with the public keys comprises:
    computer readable program code means for creating a plurality of building blocks;
    computer readable program code means for attaching a secure key to each of said
    plurality of building blocks to form secure building blocks; and
    computer readable program code means for creating one or more secure web pages,
    each secure web page including one or more secure building blocks and having a secure
    web page name.

31. A computer program product as in claim 30, wherein the computer readable
program code means for selectively distributing the secure keys comprises:
    computer readable program code means for sending e-mail to group members and
    informing said members of said secure web page name.

32. A computer program product as in claim 31, wherein the computer readable
program code means for generating secure keys generates encryption keys and the
distributed corresponding keys are decryption keys.

33. A computer program product as in claim 25, further comprising:
    computer readable program code means for changing secure page.

34. A computer program product as in claim 33, wherein the computer readable
program code means for changing secure page names comprises:
    computer readable program code means for removing a secure key from said
    secure page name;
    computer readable program code means for attaching a new secure key; and
    computer readable program code means for sending e-mail to members of said
    selected group, informing said members of said secure name change.

35. A computer program product as in claim 24, wherein the computer readable
program code means for generating random suffixes comprises:
    computer readable program code means for generating a plurality of random
    numbers between 0 and 61; and
    computer readable program code means for mapping each of said plurality of
    random numbers to a corresponding alphanumeric number.

36. A computer program product as in claim 35, wherein the mapped plurality of
random numbers generated is a decryption key, the computer readable program code
means for generating random suffixes further comprising:
    computer readable program code means for deriving an encryption key from said
    generated decryption key.



ABSTRACT OF THE INVENTION 

A method and computer program product for selectively making information 
available to groups of parties amongst a plurality of parties. Public keys that may be 
descriptive, such as a simple name or part of a name, are generated and published. 
Random suffixes or keys, which are random both in nature and in appearance, are 
generated, combined with public keys and distributed to members of groups selected to 
have access to secure data identified by a particular secure key. The random suffixes may 
be combined with the public keys to form a URL that appears to be simultaneously 
random and descriptive. Secure keys may be changed periodically, replacing the random 
suffix portion with a newly generated random suffix. Secure keys may be encryption keys 
derived from randomly generated decryption keys. 